search

jasonish / docker-suricata

A Suricata Docker image.
https://hub.docker.com/r/jasonish/suricata/
MIT License
250 stars 76 forks source link

Missing arm64 manifest prevents image pulls on aarch64 Docker #14

Closed mdfranz closed 3 years ago

mdfranz commented 3 years ago

There is no platform/architecture for 

         "platform": {
            "architecture": "arm64",
            "os": "linux",
            "variant": "v8"
         }

(this was taken from docker manifest inspect python)

So on Ubuntu 20.04 you cannot pull down the images

ubuntu@ip-172-31-37-233:~$ docker pull jasonish/suricata:6.0.1
6.0.1: Pulling from jasonish/suricata
no matching manifest for linux/arm64/v8 in the manifest list entries
ubuntu@ip-172-31-37-233:~$ uname -a
Linux ip-172-31-37-233 5.4.0-1032-aws #33-Ubuntu SMP Wed Dec 9 17:17:06 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux

and

Dec 28 23:50:20 ip-172-31-37-233 dockerd[25921]: time="2020-12-28T23:50:20.718678864Z" level=debug msg="Calling POST /v1.41/images/create?fromImage=jasonish%2Fsuricata&tag=6.0.1"
Dec 28 23:50:20 ip-172-31-37-233 dockerd[25921]: time="2020-12-28T23:50:20.720603635Z" level=debug msg="Trying to pull jasonish/suricata from https://registry-1.docker.io v2"
Dec 28 23:50:21 ip-172-31-37-233 dockerd[25921]: time="2020-12-28T23:50:21.140226482Z" level=debug msg="Fetching manifest from remote" digest="sha256:f1eee4c3369c9b8e55816547d2a037555ffa277f2d3ead4a8d6e80001a0f90a6" error="<nil>" remote="docker.io/jasonish/suricata:6.0.1"
Dec 28 23:50:21 ip-172-31-37-233 dockerd[25921]: time="2020-12-28T23:50:21.350909824Z" level=debug msg="Pulling ref from V2 registry: jasonish/suricata:6.0.1"
Dec 28 23:50:21 ip-172-31-37-233 dockerd[25921]: time="2020-12-28T23:50:21.350953508Z" level=debug msg="docker.io/jasonish/suricata:6.0.1 resolved to a manifestList object with 3 entries; looking for a unknown/arm64 match"
Dec 28 23:50:21 ip-172-31-37-233 dockerd[25921]: time="2020-12-28T23:50:21.350973208Z" level=debug msg="no matching manifest for linux/arm64/v8 in the manifest list entries"
Dec 28 23:50:21 ip-172-31-37-233 dockerd[25921]: time="2020-12-28T23:50:21.351199600Z" level=info msg="Attempting next endpoint for pull after error: no matching manifest for linux/arm64/v8 in the manifest list entries"

It looks like just an additional annotation is required per https://gitlab.com/gitlab-org/gitlab-runner/-/issues/25951 as Dockerfile.alpine-arm64v8 did correctly build images that I could run on AWS 64bit ARM instance and a Raspberry Pi4.

jasonish commented 3 years ago

Interesting.. Try again.. I've added arm64/linux/v8 annotation and pushed. It appears to remove the arm/linux/v8 annotation, so I'm curious if that will break things. I did test the arm/linux/v8 one somewhere and it worked, but its not a normal one that I test.

mdfranz commented 3 years ago

This fixed it, thanks!

mfranz@pi4b-b7ead551:~$ !175
docker pull jasonish/suricata
Using default tag: latest
latest: Pulling from jasonish/suricata
b538f80385f9: Pull complete 
8175559dba54: Pull complete 
c17c2553f763: Pull complete 
f78c86ede442: Pull complete 
5c074ef16182: Pull complete 
c462439d2654: Pull complete 
b939abfe4f1e: Pull complete 
8c55afb77fa0: Pull complete 
fdc30a5ce2d5: Pull complete 
Digest: sha256:6e38f779c1f6d9259132e93ce82627145391b7da4190b67befd9ef7b83b3383e
Status: Downloaded newer image for jasonish/suricata:latest
docker.io/jasonish/suricata:latest

mfranz@pi4b-b7ead551:~$ docker run -it jasonish/suricata /bin/sh
/ # /usr/bin/suricata -h
Suricata 6.0.1
USAGE: /usr/bin/suricata [OPTIONS] [BPF FILTER]